In the last fifteen years the use of transaction cards as substitutes for cash has greatly expanded. Along with this expanded use has come an increase in losses due to fraud. One of the most costly problems is caused by the use of invalid cards. The term invalid card includes those cards which have been lost or stolen. The term can also include cards whose credit limits have been exceeded by the holder. Significant efforts have been made to minimize the use and abuse of invalid cards.
One of the earliest approaches used to combat this fraud was to distribute a printed list of invalid cards. One such list is called the Card Recovery Bulletin or CRB. In use, the merchant checks the account number on the card presented for the transaction with the account numbers printed in the CRB. If the account number is listed, the transaction would be declined.
This use of the CRB is effective in reducing a large percentage of fraud losses. Unfortunately, this approach has a few drawbacks. For example, a transaction card is often used almost immediately after it has been lost or stolen. This immediate use will occur before the card has been listed in the bulletin or before the bulletin has been distributed. Another problem with this approach is that from a practical standpoint, it is often difficult to insure that store clerks use the list properly or at all.
Because of these difficulties, many other more sophisticated approaches have been taken. One of the most effective schemes is to authorize every transaction through a real-time, on-line communications network. For example, the merchant can report the account number of the card presented for a transaction to a central processor by telephone. The account number on the card can then be checked against a current list of invalid card numbers stored either at the central processor or back at the card issuer. In another variation on this scheme, a transaction terminal is provided with a card reader which reads a magnetic stripe encoded with an account number. The terminal can then automatically transmit the account number to the central processor for approval.
This on-line scheme eliminates the lag time inherent in using the Card Recovery Bulletin. Unfortunately, a fully on-line system turns out to be prohibitively expensive and prone to communication delays. An on-line approach also does not provide any protection when the network is down.
More recently, many approaches have been taken to reduce transaction approval costs while also controlling fraud losses. As microprocessors become smaller, cheaper and faster, some of the transactional analysis can be performed at the terminal itself. Efforts have been made to develop screening procedures that avoid having to transmit the transaction information to the central processor. For example, the transaction terminal can be programmed to authorize every transaction below a certain dollar limit or floor limit. In this manner, the cost of communication can be balanced against the risk of loss.
The terminal may also be provided with the capability to verify a cardholder secret personal identification number or PIN. In this scenario, a version of the PIN is encoded onto the magnetic stripe on the card and read by the terminal. The terminal then compares the PIN read from the card with a PIN entered into a keypad on the terminal by the cardholder. If the two PINs match, the transaction can be approved. The use of PINs sharply reduces the fraudulent use of lost or stolen cards.
A more sophisticated approach is described in copending U.S. patent application Ser. No. 730,309, filed May, 2, 1985, assigned to the same assignee as the subject invention and incorporated herein by reference. In this patent application, a system is described wherein risk assessment data is encoded onto the card by the card issuer. This risk assessment data is tailored to define the credit worthiness of each specific cardholder. This risk assessment data can be analyzed by the transaction terminal and if the transaction amount falls within the parameters encoded on the card by the issuer, the transaction can be automatically approved. If the transaction amount exceeds these parameters, the transaction information is routed on to the central processor for further analysis.
As the cost of computer memory space has decreased, the idea of storing the account numbers of invalid cards in each transaction terminal has been explored. If this scheme were implemented, the account number of the card being presented for the transaction could be automatically compared at the terminal. One prior art system which utilized this approach is described in U.S. Pat. No. 3,696,335, issued Oct. 3, 1972 to Lemelson.
The approach illustrated in the Lemelson patent has been deemed impractical for a number of reasons. More specifically, in order to keep the lists current, they would have to distributed to the terminals and updated on a frequent basis. With the number of transaction terminals rapidly expanding, it would be virtually impossible to physically transfer this data to the terminals on a routine basis. Therefore, distribution of the list of invalid account numbers must be through some type of communication link. Unfortunately, the lists of invalid cards are so large for the major transaction card systems that on-line distribution becomes quite difficult. However, if some way could be developed to distribute the list in an efficient manner, this approach could be very effective in reducing both communication costs and fraud losses.
One technique for attaining this goal is described in U.S. Pat. No. 4,558,211, issued Dec. 10, 1985 to Berstein. This disclosure acknowledges that a complete "hot card" list would be too large to transmit to each transaction terminal. The solution proposed in the latter patent is to add an identifier to each listed hot card which indicates the geographical location in which the card is most likely to be used. Subsets of the hot card list geared to specific geographical locations can then be generated. The greatly shortened lists can then be distributed to the terminals and stored. The patent suggests that a standard 4K byte memory in a terminal could hold a list of 800 invalid cards. Since most invalid cards are used in the area where they were lost or stolen, this approach could be very effective as long as only 800 invalid cards exist in any geographical area.
Unfortunately, major transaction card companies will typically have over one million invalid cards listed on any given day in the United States alone. Even when these lists are broken down geographically, the size of the smallest list does not fall much below 100,000 cards. Obviously, if the geographical area is made too small, the effectiveness of the system will be reduced since it will be limited to catching an unauthorized user only at the exact location the card was lost or stolen.
Accordingly, it is the object of the subject invention to provide a new system for distributing information about invalid cards.
It is another object of the subject invention to provide a new system for distributing lists of invalid cards which can be used to authorize transactions at a transaction terminal.
It is a further object of the subject invention to provide a new system for distributing lists of invalid cards in a cost effective manner.
It is still another object of the subject invention to provide a new system for rapidly distributing lists of invalid cards in an on-line manner.
It is still a further object of the subject invention to provide a new data file containing information about invalid cards that takes up very little memory space.
It is still another object of the subject invention to provide a compressed data file that can be easily transmitted to remote transaction terminals.
It is still a further object of the subject invention to proved a compressed data file which will always indicate when an invalid card has been presented and wherein the probability of identifying a valid card as a potentially invalid card is on the order of one to three percent.
It is still another object of the subject invention to provide a hot card authorization system that can easily be implemented in current microprocessor based remote transaction terminals.
It is still a further object of the subject invention to provide a compressed data file with information on an invalid transaction that is arranged in a manner such that the entire file does not have to be searched in order to determine if a particular account number is invalid.